Lucene search
HistoryApr 25, 2013 - 11:55 p.m.
CVE-2013-1933
cve-2013-1933
karteek docsplit
ruby
pdf
command execution
security vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.4%
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
Affected configurations
Node
documentcloudkarteek-docsplitMatch0.5.4
ruby-langruby
| CPE | Name | Operator | Version |
|---|---|---|---|
| documentcloud:karteek-docsplit | documentcloud karteek-docsplit | eq | 0.5.4 |
Related
cvelist
cvelist
CVE-2013-1933
2013-04-25 23:00:00
seebug
seebug
RubyGems karteek-docsplit 'text_extractor.rb'θΏη¨ε½δ»€ζ§θ‘ζΌζ΄
2013-04-11 00:00:00
osv
osv
Karteek Docsplit vulnerable to OS Command Injection
2022-05-17 01:36:24
prion
prion
Code injection
2013-04-25 23:55:00
zdt
zdt
Ruby Gem Karteek Docsplit 0.5.4 Command Injection Vulnerability
2013-04-11 00:00:00
nvd
nvd
CVE-2013-1933
2013-04-25 23:55:01
packetstorm
packetstorm
Ruby Gem Karteek Docsplit 0.5.4 Command Injection
2013-04-10 00:00:00
github
github
Karteek Docsplit vulnerable to OS Command Injection
2022-05-17 01:36:24
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.5 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.4%
Related for CVE-2013-1933